Note: please note that Liferay has renamed its Liferay Experience
Could offerings to Liferay SaaS (formerly LXC) and
Liferay PaaS (formerly LXC-SM).
Issue
- We have encountered requests from unauthenticated sources on the webserver. Can these requests be blocked before reaching the webserver?
Environment
- Liferay DXP 7.4
Resolution
- We've two options present to deal with unwanted requests at the web server level, one is enabling the ModSecurity and the other is Blocking IPs that are unauthenticed.
- However, in front of the web server, the component we have is the GKE Ingress (firewall/Load Balancer), which gives internet access to your environment’s services via proxied HTTP(S) connections using TLS (1.0 to 1.2) protocol and diffuse traffic along with reducing the risk of services being overloaded.
- This Google Kubernetes Engine (GKE) ingress relies on GCloud HTTPS Load Balancer with WAF capabilities enabled and has some default firewall rules that are common for all the infrastructure, and it is not possible to customize them as per the requirements.
- Hence, it would not be possible to block the unwanted requests on any other component before the web server.
Additional Information
Contenido exclusivo para suscriptores.
Una Suscripción Enterprise de Liferay proporciona acceso a más de 1.500 artículos que incluyen las mejores practicas, diagnóstico de problemas y otras soluciones útiles. Inicia sesión para tener un acceso completo.
Inicia sesión